Job Description

Business Function
Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Job Summary:
We are seeking a highly skilled and experienced Security Architect to design, build, and maintain bank's and Vendor security architecture. This role will be responsible for evaluating and improving Bank/Vendor security posture, ensuring that systems, data, applications, and networks are secure and compliant with industry standards, regulations, and best practices and maintaining the ATM Logical security.
Key Responsibilities:
Security Architecture Design:
Design and implement robust security architectures for cloud, on-premises, and hybrid environments.
Develop and enforce security policies, standards, and procedures across systems and applications.
Define security requirements and work with relevant teams to ensure secure system design and integration.
Risk Management & Compliance:
Conduct risk assessments and recommend mitigation strategies.
Ensure compliance with relevant regulatory frameworks (e.g., ISO 27001, NIST, PCI-DSS).
Support audits and respond to security-related inquiries, regulatory compliance (e.g. DPSC, RBI Cybersecurity Framework, SEBI CSCRF, IT outsourcing guidelines digital lending norms).
ATM Logical Security:
Ensure Logical controls on all the bank ATM terminals is inline to bank standard.
Perform periodic ATM security assessment covering Vulnerability management, Host level security etc.
Perform periodic Governance of the ATM logical security controls.
Collaboration & Guidance:
Serve as a security advisor to business units, IT, Business partners, Vendors and Application teams.
Lead threat modeling exercises and provide security reviews for new systems, Projects or services.
Regulatory Reporting;
Ensure timely and accurate submission of periodic and ad-hoc returns, statements, and reports of regulatory submissions like Quarterly Cyber KRI, Tranche I, Tranche II, Tranche III etc.
Maintain records of all regulatory submissions, approvals, and correspondences with RBI.
Training & Awareness:
Conduct training sessions and awareness programs on RBI regulations and compliance best practices.
Promote a culture of regulatory compliance and ethical conduct across the organization.
Monitoring & Response:
Collaborate with Security Operations to develop and improve monitoring and incident response capabilities.
Assist in the investigation of security breaches and help with the root cause analysis.
Security Tools & Technologies:
Manage security solutions such as SIEM, EDR, WAF, IAM etc.
Stay up-to-date on the latest cybersecurity trends, technologies, and threat landscapes.
Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (Master's preferred).
• 10+ years of progressive experience in cybersecurity roles, including at least 5 years in a security architecture or engineering position.
• Certifications (preferred but not required): CISSP, CISM, CISA, AWS/Azure/GCP Certified Security - Specialty, or similar.

Skills & Competencies:

• Deep understanding of security principles, architectures, and technologies.
• Strong knowledge of cloud platforms (e.g., AWS, Azure, GCP) and cloud security frameworks.
• Familiarity with microservices security, and container security (e.g., Docker, Kubernetes).
• Strong analytical and problem-solving skills.
• Excellent communication skills and ability to work cross-functionally.
• Proven ability to conduct security assessments and interpret security reports.
• Strong analytical, problem-solving, and communication skills to effectively engage with internal and external stakeholders.

Skills Required